3 matches found
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55073
Vulnerability overview (CVE-2024-55073): hay-kot mealie v2.2.0 has a Broken Object Level Authorization on the /api/users/{user-id} endpoint that lets a user edit their own profile to grant more permissions or change their household. Root cause: improper enforcement of access controls on user-id s...